Week 2 - How can risk be managed? Can risk be avoided? Can risk be understood?

Risks in business usually occur when there is uncertainty, confusion and a lack of understanding of what risk is within an organization.  What I mean is this, if a company does not fully understand a subject such as employee theft and does not have a plan in place to educate, identify and control it, then the possibility of loss will be greater and end up costing the company much more in the end.  Therefore, it is important that every company have a clear and precise plan in place to educate and identify what risks are present and how to mitigate or avoid them. 

This isn’t always an easy endeavor though, businesses face ongoing challenges and new (Potential) threats crop up every day as new vulnerabilities get identified.  Investing in a comprehensive Risk Assessment will help keep the business and its stakeholders calm during these times of tumult.

Businesses can’t avoid risks, as a matter of fact; risks are inevitable and sometimes needed in a business plan, the more risk that a company takes, the more reward or profit can be realized, but risks must be clearly identified and understood before moving forward with the business plan.  Most Risk assessment plans will prioritize the threats as Minor, medium and critical in order to put significance to the vulnerability so actions plans can be put into play to deal with them. 

Risk Assessments ask;

What is the vulnerability?

How does it affect me?

What is the threat?

What is the impact of the threat?

What severity does this threat have?

Can we live with the threat?

Who needs to be involved and notified?

What can we learn from this threat.

What actions need to be put into play in order to mitigate or manage the threat?

Threat modeling is a great way that businesses can answer these questions.  Threat modeling is a way to identify vulnerabilities and then implement countermeasures to help lessen the impact of the threats.  A sad lesson we have learned is that not all companies use this type of analytical approach to deal with the issues they have within their networks..